| SOV-1 Strategic Sovereignty | SEAL-1 | |
| SOV-2 Legal & Jurisdictional Sovereignty | SEAL-1 | |
| SOV-3 Data & AI Sovereignty | SEAL-1 | |
| SOV-4 Operational Sovereignty | SEAL-1 | |
| SOV-5 Supply Chain Sovereignty | SEAL-1 | |
| SOV-6 Technology Sovereignty | SEAL-2 | |
| SOV-7 Security & Compliance Sovereignty | SEAL-1 | |
| SOV-8 Environmental Sustainability | SEAL-1 | |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-1.1 | EU/EEA legal entity control | 1. Entirely outside the EU | 0/125 | SEAL-1 | high | foreign_parent (DigitalOcean Holdings, Inc., Delaware/NYSE:DOCN, US HQ); controlling entity entirely outside the EU -> SOV-1.1 opt1. (src: https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001582961&type=10-K) |
| SOV-1.2 | Change of control risk | 4. Unlikely takeover/transfer to non-EU sovereign entity | 94/125 | SEAL-4 | medium | Publicly traded (NYSE:DOCN) and acquirable, but no announced takeover; control distributed among (mostly US) institutional shareholders, so a transfer to a non-EU sovereign entity is unlikely rather than imminent. |
| SOV-1.3 | Control over roadmap | 2. Through 'voice of the customer' public channels | 42/125 | SEAL-2 | medium | foreign_parent: roadmap set centrally by the US company; EU customers influence only via public 'voice of the customer' channels, no EU governance body -> SOV-1.3 opt2. |
| SOV-1.4 | Financial independence from non-EU capital | 1. Almost entirely relying on non-EU funding | 0/125 | SEAL-4 | high | Funding is almost entirely US capital (IPO on NYSE, largest holder US-based Access Industries/Len Blavatnik); essentially no EU funding base. |
| SOV-1.5 | EU economic contribution | 2. Some | 31/125 | SEAL-4 | medium | Predominantly a US economic actor; EU contribution limited to leased data-centre presence in Amsterdam/Frankfurt and EU customer revenue, a minority of overall footprint. |
| SOV-1.6 | Participation in EU strategic programs | 1. No clear participation | 0/125 | SEAL-4 | medium | No evident participation in EU strategic programs such as Gaia-X or IPCEI-CIS. |
| SOV-1.7 | Alignment with EU industrial strategies | 1. No evidence exists | 0/125 | SEAL-4 | medium | No evidence of alignment with or action plan toward EU industrial/sovereignty strategies; positioning is global, NVIDIA-led AI factory rather than EU-aligned. |
| SOV-1.8 | Resilience to cut-off | 3. Can continue temporarily per contractual agreement | 63/125 | SEAL-2 | low | Not own_stack (foreign-controlled provider on leased colocation infra plus US chip vendors), but a standard IaaS/PaaS with documented data-export tooling and contractual terms under which the EU service could continue temporarily after a cut-off rather than shutting down immediately -> SOV-1.8 opt3 (seal 2), consistent with US commodity-IaaS peers. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-2.1 | Primary legal jurisdiction | 2. Mixed EU/non-EU | 84/167 | SEAL-1 | high | EU customers contract under a GDPR DPA with SCCs/DPF while the provider and parent are US entities; primary jurisdiction is therefore mixed EU/non-EU rather than exclusively EU law -> SOV-2.1 opt2. (src: https://www.digitalocean.com/legal/data-processing-agreement) |
| SOV-2.2 | Extraterritorial laws exposure | 2. Mitigation clauses, exposure remains | 42/167 | SEAL-1 | high | No immunity (no SecNumCloud/EUCS-High, no EU trustee structure); SCC/DPA mitigation clauses exist but exposure to US extraterritorial law (CLOUD Act/FISA 702) remains -> SOV-2.2 opt2. (src: https://www.digitalocean.com/trust/schrems-ii-faq) |
| SOV-2.3 | Data access pathways for non-EU authorities | 2. Can compel access without notification, specific cases | 42/167 | SEAL-1 | high | foreign_parent: as a US company DigitalOcean is subject to the CLOUD Act/FISA and can be compelled to produce data, in specific cases under gag orders preventing notification -> SOV-2.3 opt2 (seal 1, caps SEAL at 1). (src: https://www.digitalocean.com/trust/schrems-ii-faq) |
| SOV-2.4 | Export control restrictions | 2. Restrictions towards EU citizens or international orgs | 42/167 | SEAL-1 | low | Subject to US export-control/OFAC regimes that can restrict service to specific sanctioned EU citizens/orgs, but no restriction targets an EU Member State and EU revenue is not a >50% majority -> SOV-2.4 opt2. |
| SOV-2.5 | Origin of IP | 1. Entirely outside the EU | 0/167 | SEAL-4 | high | Core platform IP developed and owned by the US company; IP originates entirely outside the EU. |
| SOV-2.6 | IP holder jurisdiction | 1. Non-EU law, single country | 0/167 | SEAL-3 | high | IP held by the US parent under US (single-country) law -> SOV-2.6 opt1. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-3.1 | Customer control over encryption keys | 2. Primarily provider, not exclusively | 50/200 | SEAL-1 | medium | Encryption at rest is AES-256/LUKS with provider-managed keys; only object storage offers SSE-C, no platform-wide customer-managed KMS, so the provider can generally read data -> SOV-3.1 opt2. |
| SOV-3.2 | Transparent data flows & access logs | 3. Logs exist but not real-time / vendor-controlled | 100/200 | SEAL-2 | low | Activity/audit logs and a monitoring/insights portal exist but are vendor-controlled and not independently auditable in real time -> SOV-3.2 opt3. |
| SOV-3.3 | Secure deletion & proof of erasure | 3. Internal validation per policy, no proof | 100/200 | SEAL-1 | low | Deletion follows internal policy with destruction of storage on decommission, but no customer-facing cryptographic proof of erasure -> SOV-3.3 opt3 (policy-only). |
| SOV-3.4 | Data location strictly in EU/EEA | 4. EU by default, tightly controlled exceptions | 150/200 | SEAL-1 | medium | No eu_exclusive sovereign offer, but customer data uploaded to a chosen region (e.g. FRA1 Frankfurt, AMS3 Amsterdam) remains in that region: EU-by-default with tightly controlled exceptions rather than a contractual no-third-country guarantee -> SOV-3.4 opt4 (seal 1). (src: https://www.digitalocean.com/blog/digitalocean-bare-metal-gpus-eu-data-center) |
| SOV-3.5 | AI services sovereignty | 2. Mostly non-EU: licensed AI, chip dependency | 50/200 | SEAL-2 | high | Gradient/GenAI relies on licensed third-party models (OpenAI, Anthropic, Llama, NVIDIA Nemotron) on US-designed NVIDIA/AMD accelerators; mostly non-EU with chip dependency -> SOV-3.5 opt2. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-4.1 | Portability & interoperability | 3. Standard documented data export methods | 84/167 | SEAL-4 | medium | Standards-based, documented APIs and data export (S3-compatible Spaces, standard snapshots/images) enable portability -> SOV-4.1 opt3. |
| SOV-4.2 | Ability to operate without foreign dependencies | 1. Critical ops delivered by non-EU teams | 0/167 | SEAL-1 | medium | No eu_ops: critical platform engineering and operations run by globally distributed, predominantly US-based teams; the EU cannot operate the stack independently -> SOV-4.2 opt1. |
| SOV-4.3 | Skill availability in the EU | 2. Mixed, majority outside EU | 42/167 | SEAL-1 | low | Engineering/operations talent is a global team with the majority outside the EU -> SOV-4.3 opt2. |
| SOV-4.4 | Support channels | 2. Mixed, majority outside EU | 42/167 | SEAL-2 | low | Support is global (follow-the-sun) with the majority of staff outside the EU -> SOV-4.4 opt2. |
| SOV-4.5 | Documentation & knowledge transfer | 2. EU optional, not enforced | 42/167 | SEAL-2 | low | Documentation and knowledge repositories are global English-language resources; EU residency is optional and not enforced -> SOV-4.5 opt2 (seal 2), consistent with US commodity-IaaS peers. |
| SOV-4.6 | Subcontractor & supplier jurisdiction | 2. Service would stop with delay | 42/167 | SEAL-2 | low | Heavy reliance on non-EU subcontractors (US colocation providers, US chip vendors); loss of these would stop the service with only a delay for customers -> SOV-4.6 opt2. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-5.1 | Origin of components (physical parts) | 2. Partial disclosure | 36/143 | SEAL-1 | low | Physical components (servers, NVIDIA/AMD GPUs) are foreign-origin with only partial public disclosure of provenance -> SOV-5.1 opt2. |
| SOV-5.2 | Manufacturing location | 2. Foreign origin, partial disclosure | 36/143 | SEAL-1 | low | Hardware manufactured by foreign (US/Asia) OEMs and chip makers with only partial disclosure; not built by EU teams -> SOV-5.2 opt2. |
| SOV-5.3 | Embedded code/firmware provenance | 2. Partial disclosure | 36/143 | SEAL-4 | low | Firmware/embedded code provenance (BIOS, GPU firmware) is foreign and only partially disclosed. |
| SOV-5.4 | Origin of software | 2. Foreign origin, partial disclosure | 36/143 | SEAL-2 | medium | foreign_core: core platform software is the US company's proprietary stack of foreign origin with partial disclosure (some open-source tooling published), not maintained by EU teams -> SOV-5.4 opt2 (seal 2), consistent with US commodity-IaaS peers. |
| SOV-5.5 | Software build/release jurisdiction | 1. Non-EU control & execution | 0/143 | SEAL-1 | medium | Software build and release are controlled and executed by the US company outside the EU -> SOV-5.5 opt1. |
| SOV-5.6 | Single point of dependency | 2. Mostly non-EU, undocumented | 36/143 | SEAL-1 | medium | Critical services depend on non-EU vendors (US colocation/data-centre operators, US/Asia chip suppliers, US AI model providers) with little documentation of EU alternatives -> SOV-5.6 opt2. |
| SOV-5.7 | Supply chain transparency | 2. Some suppliers auditable | 36/143 | SEAL-1 | low | Some suppliers/data-centre partners are disclosed and SOC-2-audited, but the full supply chain is not customer-auditable -> SOV-5.7 opt2. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-6.1 | Interoperability & open interfaces | 4. Standards-based and broadly compatible | 150/200 | SEAL-3 | medium | Interfaces are largely standards-based and broadly compatible (S3-compatible object storage, standard Linux/Kubernetes/Postgres, open REST APIs) -> SOV-6.1 opt4. |
| SOV-6.2 | Open standards compliance | 3. Partial core adoption | 100/200 | SEAL-2 | medium | Open standards adopted for core services (DOKS/Kubernetes, S3 API, standard OS images and databases) but not via a comprehensive published policy across all services -> SOV-6.2 opt3. |
| SOV-6.3 | Open source availability | 2. Source available for review, strict rights | 50/200 | SEAL-2 | medium | foreign_core: the managed platform is closed-source/vendor-controlled; some open-source tooling published but the core service is not open -> SOV-6.3 opt2 (seal 2). |
| SOV-6.4 | Service architecture transparency | 3. Some public insight | 100/200 | SEAL-3 | low | Substantial public documentation, tutorials and shared-responsibility/architecture material provide some public insight -> SOV-6.4 opt3. |
| SOV-6.5 | HPC sovereignty | 2. EU-hosted, foreign stack | 50/200 | SEAL-3 | medium | GPU/HPC capacity is offered in EU regions (Amsterdam bare-metal GPUs) but runs on imported NVIDIA/AMD hardware and stack: EU-hosted on a foreign stack rather than imported black-box with no EU footprint -> SOV-6.5 opt2 (seal 3), consistent with US commodity-IaaS peers. (src: https://www.digitalocean.com/blog/digitalocean-bare-metal-gpus-eu-data-center) |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-7.1 | Security certification (EAL) | 3. EAL2 | 72/143 | SEAL-2 | medium | No SecNumCloud/EUCS-High/Common Criteria EAL, but holds SOC 2/3 Type II (Schellman) plus ISO 27001 and CSA STAR L1; per the key's cert map ISO 27001 + SOC 2 -> EAL2-equivalent -> SOV-7.1 opt3 (seal 2). (src: https://www.digitalocean.com/trust/certification-reports) |
| SOV-7.2 | EU regulatory compliance (GDPR/NIS2/DORA) | 3. Moderate compliance | 72/143 | SEAL-4 | medium | GDPR-compliant with DPA/SCCs, SOC 2/3 Type II, ISO 27001, CSA STAR L1, stated DORA eligibility, but no EUCS/SecNumCloud; moderate compliance -> SOV-7.2 opt3. |
| SOV-7.3 | EU-based SOC & incident handling | 2. Hybrid EU/non-EU | 36/143 | SEAL-1 | low | Security operations and incident response run by global teams in a hybrid EU/non-EU arrangement, not EU-exclusive -> SOV-7.3 opt2. |
| SOV-7.4 | Control over security monitoring/logging | 3. Basic monitoring portal | 72/143 | SEAL-1 | low | Customers get a monitoring/insights portal with activity logs and periodic reports, but the provider retains primary control of security logging; no immutable EU-resident customer-controlled logs -> SOV-7.4 opt3 (basic monitoring portal), consistent with US commodity-IaaS peers. |
| SOV-7.5 | Disclosure of incidents | 3. Moderate (GDPR/NIS2-aligned) | 72/143 | SEAL-2 | medium | Incident disclosure is moderate and GDPR/breach-notification aligned via the DPA, but not full real-time CSIRT sharing -> SOV-7.5 opt3. |
| SOV-7.6 | Maintenance autonomy | 2. Limited autonomy (vendor schedules) | 36/143 | SEAL-1 | low | As a managed multi-tenant platform, maintenance windows and patching are vendor-scheduled; customers have limited autonomy over the underlying platform -> SOV-7.6 opt2. |
| SOV-7.7 | Auditability | 2. Limited independent access | 36/143 | SEAL-1 | low | No audit_rights: independent assurance is via third-party SOC 2/3 reports on request; customers cannot perform unrestricted independent audits of the infrastructure -> SOV-7.7 opt2. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-8.1 | Energy efficiency (PUE) | 3. PUE < 1.5 + roadmap | 125/250 | SEAL-4 | low | DigitalOcean reports its data centres average a PUE of ~1.15 and invests in efficient hardware and renewable energy: PUE well under 1.5 with an efficiency roadmap -> SOV-8.1 opt3. (src: https://investors.digitalocean.com/esg/environmental/default.aspx) |
| SOV-8.2 | Hardware reuse & recycling | 3. Documented program | 125/250 | SEAL-3 | low | Hardware lifecycle is handled through DigitalOcean's colocation partners with a documented circular/efficiency program (efficient hardware reuse and responsible decommissioning) reflected in its ESG disclosures -> SOV-8.2 opt3 (documented program), consistent with US commodity-IaaS peers. (src: https://investors.digitalocean.com/esg/environmental/default.aspx) |
| SOV-8.3 | Environmental impact reporting | 2. Basic reporting | 63/250 | SEAL-1 | low | Publishes ESG/environmental disclosures on its investor site but without detailed carbon figures under a formal annual environmental report with reduction targets -> SOV-8.3 opt2. (src: https://investors.digitalocean.com/esg/environmental/default.aspx) |
| SOV-8.4 | Energy supplies | 3. Mix of EU and non-EU supplies | 125/250 | SEAL-4 | low | Energy drawn from a mix of EU and non-EU colocation facilities; DigitalOcean does not control or fully disclose per-site energy mix, implying a global mix of supplies. |